mingw64-expat (AlmaLinux:8) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:8 package mingw64-expat, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (9)
CVE-2022-25235 — CVSS 9.8 (critical): xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is…
CVE-2018-20843 — CVSS 7.5 (high): In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a…
CVE-2025-59375 — CVSS 7.5 (high): libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for…
CVE-2022-25313 — CVSS 6.5 (medium): In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.